Unrated severityNVD Advisory· Published Oct 30, 2025· Updated Nov 17, 2025
Nagios XI < 5.11.3 XSS & CSRF via Hypermap Replay
CVE-2023-53688
Description
Nagios XI versions prior to 5.11.3 are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF) via the Hypermap Replay component. An attacker can submit crafted input that is not properly validated or escaped, allowing injection of malicious script that executes in the context of a victim's browser (XSS). Additionally, the component does not enforce sufficient anti-CSRF protections on state-changing operations, enabling an attacker to induce authenticated users to perform unwanted actions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Nagios/XIv5Range: 0
Patches
Vulnerability mechanics
References
3- www.nagios.com/changelog/nagios-xi/mitrerelease-notespatch
- www.nagios.com/products/security/mitrevendor-advisorypatch
- www.vulncheck.com/advisories/nagios-xi-xss-and-csrf-via-hypermap-relaymitrethird-party-advisory
News mentions
0No linked articles in our index yet.